Try our new research platform with insights from 80,000+ expert users
Microsoft Defender for Identity Logo

Microsoft Defender for Identity Reviews

Vendor: Microsoft
4.4 out of 5
Badge Leader
Leave a review

What is Microsoft Defender for Identity?

Microsoft Defender for Identity offers real-time threat detection and protection for hybrid Active Directory environments. It integrates with Microsoft 365 components for seamless security and monitors advanced behaviors, enhancing identity protection across cloud and on-premises environments.

Get the Microsoft Defender for Identity Buyer's Guide and find out what your peers are saying about Microsoft Defender for Identity, CrowdStrike Falcon, Microsoft Intune and more!
Microsoft Defender for Identity is the #3 ranked solution in top Identity Threat Detection and Response (ITDR) solutions, #4 ranked solution in top Microsoft Security Suite solutions, and #6 ranked solution in top Advanced Threat Protection (ATP) solutions. PeerSpot users give Microsoft Defender for Identity an average rating of 8.8 out of 10. Microsoft Defender for Identity is most commonly compared to CrowdStrike Falcon: Microsoft Defender for Identity vs CrowdStrike Falcon. Microsoft Defender for Identity is popular among the large enterprise segment, accounting for 58% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 14% of all views.
Buyer's Guide
Microsoft Defender for Identity
December 2025
Get the report
Helped 879,310 peers since 2012

Featured Microsoft Defender for Identity reviews

Read more reviews

Microsoft Defender for Identity mindshare

Product category:
Identity Threat Detection and Respons...
As of December 2025, the mindshare of Microsoft Defender for Identity in the Identity Threat Detection and Response (ITDR) category stands at 12.5%, down from 20.1% compared to the previous year, according to calculations based on PeerSpot user engagement data.
Identity Threat Detection and Response (ITDR) Market Share Distribution
ProductMarket Share (%)
Microsoft Defender for Identity12.5%
CrowdStrike Falcon14.5%
Microsoft Entra ID Protection8.7%
Other64.3%
Identity Threat Detection and Response (ITDR)

PeerResearch reports based on Microsoft Defender for Identity reviews

TypeTitleDate
CategoryIdentity Threat Detection and Response (ITDR)Dec 30, 2025Download
ProductReviews, tips, and advice from real usersDec 30, 2025Download
ComparisonMicrosoft Defender for Identity vs CrowdStrike FalconDec 30, 2025Download
ComparisonMicrosoft Defender for Identity vs Microsoft Entra ID ProtectionDec 30, 2025Download
ComparisonMicrosoft Defender for Identity vs Varonis PlatformDec 30, 2025Download
Suggested products
TitleRatingMindshareRecommending
CrowdStrike Falcon4.314.5%97%136 interviewsAdd to research
Microsoft Intune4.1N/A94%305 interviewsAdd to research
 
 
Key learnings from peers
Last updated Nov 21, 2025

Valuable Features

Microsoft Defender for Identity excels with features like seamless integration with other Microsoft tools, comprehensive monitoring, and entity tagging. The platform provides real-time behavioral analytics and threat intelligence. Plural uses praise its automated threat response and customizable detection rules. The security dashboard offers visibility into threats, and the hybrid AI helps manage vulnerabilities effectively. Convenient bidirectional syncing supports both cloud and on-premises systems, allowing users to address identity security issues swiftly and efficiently.
  • "Microsoft Defender for Identity helps me automate routine tasks and find alerts that I set up to receive, so it helps me get where I'm trying to go easier and faster."
  • "In the security portfolio that we manage, Microsoft Defender for Identity is very important because it is the professional service that we sell the most."
  • "The most valuable features of Microsoft Defender for Identity are the simulations; whenever something happens, it provides complete step-by-step process details, including the hierarchy, how it happens in the environment, and the lateral movement, which is amazing."

Room for Improvement

Microsoft Defender for Identity experiences issues with cloud security integration, lacks direct remediation, and generates numerous false positives. Administrative interfaces and technical support are insufficient. Logs and alerts lack clarity, and threat intelligence is incomplete. The setup process is complex. Improvements are needed in anomaly detection, documentation, and non-Microsoft system integration. Users desire better automation for conditional access and travel detection, along with enhanced flexibility in agent deployment and mobile platform integration within Teams.
  • "I can't say that I've seen a return on investment since we have Microsoft Defender for Identity because we also have another security solution in place."
  • "Microsoft Defender for Identity does not save me time, but I think it is the way that I secure the data."
  • "Fixing the solution isn't very seamless."

ROI

Most users note that Microsoft Defender for Identity offers a notable return on investment by preventing incidents and enabling faster resolution of security issues. Many find it budget-friendly compared to the expense of deploying complete hardware setups. Some mention the time saved for system administrators and emphasize its ability to identify and eliminate breaches. They note that it satisfies client needs. However, determining an ROI can be challenging if effects aren't measured.

Pricing

Enterprise users find Microsoft Defender for Identity reasonably priced as part of Microsoft 365, especially when bundled with the E5 license. It offers value compared to standalone SIEM solutions and includes no extra setup costs beyond standard licensing. While some users cite it as more costly than other Microsoft products and recommend discounted E5 licenses for cost-effectiveness, others appreciate the ability to purchase specific features. Overall, it's considered affordable and competitive within its market segment.
  • "Microsoft Defender for Identity comes as part of the Microsoft E5 licensing stack."
  • "It is very affordable considering that other SIEM solutions are much more expensive and have many more licensing restrictions and fees."
  • "The product is costly, and we had multiple discussions with accounting to receive a discounted rate. However, on the open market, the tool is expensive."

Popular Use Cases

Organizations primarily utilize Microsoft Defender for Identity for monitoring and securing Active Directory environments, both on-premises and in the cloud. They leverage its user and entity behavior analytics to detect anomalies, pinpoint threats like lateral moves, and respond to identity-related attacks. Users report that its integration with other Microsoft security tools enhances threat detection and prevention, safeguarding identity systems against malicious activities, and ensuring privileged access control while maintaining a secure hybrid infrastructure.

Service and Support

Microsoft Defender for Identity's customer service is mixed. Some find the technical team responsive and knowledgeable, especially for corporate and premium plans, resulting in excellent assistance. However, others report delays, particularly with lower-tier subscriptions or general support. Concerns exist over difficulties reaching appropriate support groups. While some rate support highly due to quick resolutions, others criticize it for slow responses and lack of expertise. Feedback varies based on user interaction frequency and subscription level.

Deployment

Microsoft Defender for Identity's initial setup is generally straightforward, often requiring minimal time and effort. Installation involves downloading and installing agents on domain controllers. Some organizations noted that firewalls and proxy settings could complicate configuration. It primarily runs in the cloud, minimizing maintenance needs for users. Most found it user-friendly and efficient, though some suggested improvements for environments using proxy servers. Overall, setup requires minimal personnel, often just one or two individuals.

Scalability

Microsoft Defender for Identity is noted for its strong scalability, suitable for a wide range of environments from small to large enterprises. Users report seamless deployment and robust performance across multiple locations and thousands of endpoints. The cloud-based nature ensures effortless scaling, and it's effective for both centralized and decentralized infrastructures. Many commend its capacity to support future growth, managing extensive networks with numerous users, while others mention its lightweight nature that easily adapts to various deployment needs.

Stability

Microsoft Defender for Identity is highly stable, with most users reporting no major issues or downtime. Many commend its recent improvements and robust performance on Azure infrastructure, though some mention occasional sensor restarts that require attention. Several rate its stability between seven and nine out of ten. Certain users noticed minor imperfections in sensor deployment, necessitating intervention. Overall, confidence in its stability is high, with acknowledgments of consistent performance and reliability.
These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.
Download our Microsoft Defender for Identity Buyer's Guide for additional reliable information.

Review data by company size

By reviewers
Company SizeCount
Small Business7
Midsize Enterprise4
Large Enterprise14
By reviewers
By visitors reading reviews
Company SizeCount
Small Business305
Midsize Enterprise142
Large Enterprise609
By visitors reading reviews

Top industries

By visitors reading reviews
Computer Software Company
14%
Financial Services Firm
13%
Manufacturing Company
8%
Comms Service Provider
7%
Government
6%
University
5%
Healthcare Company
5%
Retailer
4%
Outsourcing Company
4%
Legal Firm
3%
Insurance Company
3%
Performing Arts
3%
Energy/Utilities Company
3%
Educational Organization
2%
Transportation Company
2%
Real Estate/Law Firm
2%
Construction Company
2%
Newspaper
2%
Non Profit
2%
Hospitality Company
2%
Media Company
2%
Recreational Facilities/Services Company
1%
Wholesaler/Distributor
1%
Logistics Company
1%
Marketing Services Firm
1%
Pharma/Biotech Company
1%
Aerospace/Defense Firm
1%

Compare Microsoft Defender for Identity with alternative products

Go!

Learn more about Microsoft Defender for Identity

Microsoft Defender for Identity provides detailed threat insights and user behavior analytics to detect unauthorized access and notify anomalies. It allows setting custom detection rules, enhancing threat response automation. While it needs improvements in cloud security, SIEM integration, and access controls, users leverage its ability to mitigate identity threats like suspicious logins and ransomware. Enhanced integration with Microsoft security products ensures a coordinated threat response for identity control and privilege management.

What are the key features of Microsoft Defender for Identity?
  • Active Directory Federation: Seamlessly integrates with Microsoft 365 for comprehensive security.
  • Real-time Security Monitoring: Provides immediate insights into advanced user behaviors and potential threats.
  • Threat Insights: Delivers detailed analysis of threats with the ability to customize detection rules.
  • User Behavior Analytics: Analyzes user activities to detect anomalies and potential risks.
  • Identity Protection: Offers comprehensive protection in both cloud and on-premises environments.
What benefits should users expect from reviews of Microsoft Defender for Identity?
  • Unauthorized Access Prevention: Identifies potential unauthorized activities with advanced detection mechanisms.
  • Anomaly Notification: Alerts users to unexpected activities within their environments.
  • Threat Response Automation: Facilitates rapid response to threats with automated solutions.
  • Enhanced Cloud Security: Strengthens identity management across hybrid and cloud frameworks.

In specific industries, organizations implement Microsoft Defender for Identity to secure on-premises and hybrid Active Directory environments through user and entity behavior analytics, malicious activity detection, and integration with Microsoft security tools. This approach enhances security posture assessment and helps mitigate identity threats like identity harvesting and unauthorized access.

Microsoft Defender for Identity was previously known as Azure Advanced Threat Protection, Azure ATP, MS Defender for Identity.

Microsoft Defender for Identity customers

Microsoft Defender for Identity is trusted by companies such as St. Luke’s University Health Network, Ansell, and more.

Related questions

  • 20
When evaluating Identity Threat Detection and Response (ITDR), what aspect do you think is the most important to look for?
  • 70
Why is ITDR (Identity Threat Detection and Response) important for companies?
  • 14
Why is Identity Threat Detection and Response (ITDR) important for companies?

Product Categories

Product Categories
Identity Threat Detection and Response (ITDR)
Advanced Threat Protection (ATP)
Microsoft Security Suite

Popular Comparisons

Popular Comparisons
CrowdStrike Falcon vs Microsoft Defender for Identity Logo
CrowdStrike Falcon vs Microsoft Defender for Identity
Microsoft Intune vs Microsoft Defender for Identity Logo
Microsoft Intune vs Microsoft Defender for Identity
Microsoft Defender for Endpoint vs Microsoft Defender for Identity Logo
Microsoft Defender for Endpoint vs Microsoft Defender for Identity
Microsoft Entra ID vs Microsoft Defender for Identity Logo
Microsoft Entra ID vs Microsoft Defender for Identity
Microsoft Defender for Office 365 vs Microsoft Defender for Identity Logo
Microsoft Defender for Office 365 vs Microsoft Defender for Identity
Microsoft Defender for Cloud vs Microsoft Defender for Identity Logo
Microsoft Defender for Cloud vs Microsoft Defender for Identity
Microsoft Sentinel vs Microsoft Defender for Identity Logo
Microsoft Sentinel vs Microsoft Defender for Identity
Varonis Platform vs Microsoft Defender for Identity Logo
Varonis Platform vs Microsoft Defender for Identity
Cortex XSIAM vs Microsoft Defender for Identity Logo
Cortex XSIAM vs Microsoft Defender for Identity
ESET Endpoint Protection Platform vs Microsoft Defender for Identity Logo
ESET Endpoint Protection Platform vs Microsoft Defender for Identity
Palo Alto Networks WildFire vs Microsoft Defender for Identity Logo
Palo Alto Networks WildFire vs Microsoft Defender for Identity
Microsoft Defender for Cloud Apps vs Microsoft Defender for Identity Logo
Microsoft Defender for Cloud Apps vs Microsoft Defender for Identity
Saviynt vs Microsoft Defender for Identity Logo
Saviynt vs Microsoft Defender for Identity
Microsoft Defender for Business vs Microsoft Defender for Identity Logo
Microsoft Defender for Business vs Microsoft Defender for Identity
Microsoft Defender Vulnerability Management vs Microsoft Defender for Identity Logo
Microsoft Defender Vulnerability Management vs Microsoft Defender for Identity
See all alternatives
 
Microsoft Defender for Identity Reviews Summary
Author infoRatingReview Summary
Cloud Security & Governance at a financial services firm with 10,001+ employees4.0We use Microsoft Defender for Identity to protect our on-premises and hybrid Active Directory, focusing on advanced threat detection and security posture assessment. Despite its strengths, reducing alert fatigue remains necessary as we enhance integration with Azure AD.
CyberSecurity Engineer | Information Security Management at Self Employed5.0I find Microsoft Defender for Identity valuable for its conditional access and role-based permissions. It saves time but could improve in automation for impossible travel detection, particularly with VPNs, to reduce unnecessary disruptions and enhance security.
Instrumentation Engineer at Toyo Engineering Corp4.0We're testing Microsoft Defender for Identity, which auto-remediates incidents, saving investigation time and offering preemptive security. It identifies and mitigates threats from different IPs efficiently. We're in the initial phase, using it alongside Microsoft Azure.
Security Engineer at Fidelity Bank Plc4.0I've used Microsoft Defender for Identity in a hybrid setup with Azure AD for over five years; it's effective but costly, has occasional latency, limited third-party integration, and setup requires ongoing optimization despite responsive technical support.
Technology Coordinator at a educational organization with 501-1,000 employees4.0I've used Microsoft Defender for Identity for years; it saves me time, improves threat visibility, and supports faster responses, though I don’t use it much lately. It's stable, effective, and customer support has been knowledgeable and efficient.
Manager, Collaboration Bds at C3ntro5.0I've used Microsoft Defender for Identity for four years; it's stable, helps secure data, and fits our financial clients well. While not time- or cost-saving for me, it's essential to our enterprise security services.
CTO at a tech vendor with 10,001+ employees4.0I use Microsoft Defender for Identity as part of the Defender suite to manage identities. Its seamless integration with other tools is valuable, though it’s expensive with Sentinel and could improve integration with non-Microsoft systems. No ROI seen yet.
Deputy Manager at Servion Global Solutions5.0I’ve used Microsoft Defender for Identity for over four years, and it’s stable, scalable, and effective with valuable threat analytics and reporting. Setup was smooth with support from Microsoft's fast track team, and I have no complaints.